The discovery of a high-impact vulnerability can equal money, power, prestige or the satisfaction of averting future disaster. Hence, for every undiscovered such vulnerability, there is an implicit wacky race of highly motivated freelancers, nation-state actors, security researchers at big tech, graduate students and other players, each armed with their respective tools, expertise and preponderance of free time, all vying to be first past the post.
For these actors, there are few things more satisfying than finding a vulnerability with wide reach and crippling impact (in these modern days, one might add: wide enough reach and crippling enough impact to warrant a catchy name, a dedicated web page and an imposing logo).
This diverse supply of vulnerabilities meets a diverse demand: actors who have actual plans of what to do with a vulnerability, including some (not all) of the actors mentioned above,
will happily pay for one handsomely in lieu of doing the difficult research.
Anyone with at least a passing interest in the field of vulnerability research who’s taken aback by the cloud of terms to memorize, processes to follow
and names to know. No prior technical knowledge is required. This study doesn’t teach actual vulnerability research past the very basics of the basics;
if you’re looking for a text that does, go read our own “A First Introduction to Systems Exploitation”.